Το κείμενο του εγγράφου

ShadowLink is an Emdat developed product that securely moves data between the Emdatservers and client’s PC or server

over the public Internet. It encrypts files using Secure SocketLayer

(SSL)/ Transport Layer Security (TLS)protocols

thatare

embedded in the MicrosoftOperating System on the local machine for communication across the Internet. As SSL/TLS

usesport 443, there are typically no firewall issues.

ShadowLink runs on a client’sworkstationunder Microsoft’sServer2003,

Server 2008,

XP

SP 3,Vista, Windows 7, and Windows 8

operating systems.

1.1

Local Resources

ShadowLink is a service application written using the Microsoft .NET (version4.0

or higher)

framework. It runs as a service in the background, but also

has a user interfacefor enteringservice account credentials. This interface can be used to monitor the service but is notrequired to be running.

During installation, the .NET framework version 4 will be installed on theworkstationif it’s notcurrently installed.Other than the .NET framework

(20 MB), ShadowLink has a small footprinton the clientworkstation

(less than 0.5 MB).



It uses the local drive for logging andfor temporarystorage

ofdatawhilethe message isin transit. This temporary storageis cleaned up over time by theShadowLinkservice sospace is conserved.



It requires very little memory or CPU cycles.

1.2

Communication

ShadowLink communicates with the Emdat servers over a

SSL/TLS

connection.ShadowLinkuses HTTPS

(secure HTTP protocols)

to utilize web services running on our servers.

Each HTTPS

request is authenticated with a service account login

ID, client

identifier, password,IP address, and workstation name using basic HTTP

authentication overaSSL/TLS

session.



For example, atypical requestwould betopost a HL7 message with patientinformation to our server. ShadowLink running on the client’s workstation has tosuccessfully authenticate to the Emdat serversto do so.



Likewise the ShadowLink client will submit an HTTPS

request frequently to our serversto see if any transcriptions are available for downloading.

These requests also requireauthentication.

The authentication process also uses the IP address and

workstation name from theworkstation it is running on. This is compared to the IP address and workstation name that wasrecorded when ShadowLink was originally configured. This insures that new instances ofShadowLink Overview

Page2

of6

April 1, 2013

ShadowLink cannot be arbitrarily installed without the service account being reset by anauthorized user.

ShadowLink was designedto encryptinformation using SSL/TLS

when transmitted to and fromthe Emdat

servers.

No SSL certificates are usedon theclient-side

application;

the certificatesare used from Emdat’s servers.

The advantage ofusingthis method is that all communicationsare performed using the secured SSL/TLS

connection which was established inside oftheclient’snetwork; either within the firewall or within theclient’sfirewall DMZ zone.

Communication between ShadowLink andthe client’sEHRsystem is configurable and set up ona case by case basis. It has capabilities to transfer to theEHRusing TCP

or transferring to afolder or network path. There is a possibility of additional

communication methods such asusing web services but it may require custom development;

any inquiries regarding this can beforwarded to your Emdat contact.

ShadowLink saves information on the workstation only while it is waiting for a response fromthe Emdat servers that the patient or Associate information was successfully received or whileit is waiting for the EMR (or the filestore)to respond that the transcription was successfullyreceived. ShadowLink automatically removes all locally stored information.

application installed locallywill listenonaspecificport for incoming messages.When it receives a message, it willencryptandforward these messages

to the Emdat servers

where they will bedecrypted,parsed,

andloaded

in the client-specific patient and appointment tables. When receiving data from theclient’s system,Emdat is able to accept the fairly standard HL7 formats. The typical messagesused to extract the information are A04 (Outpatient Registration) and A01 (InpatientRegistration) messages. Other messages, such as A08 (Patient Updates), O01 and O02 (ordermessages), and various SCH (scheduling messages)

can also be used.

In a similar fashion, the Emdat transcription exports can be produced in a variety of HL7 flavors.

CommonMessage types:



MDM

(Medical Document Management)



ORU

(Observation Results Message)

Embedded Transcription formats:



Some clients prefer flat text with a separate line for every 65 characters of text, each ina unique OBX segment.

ShadowLink Overview

Page3

of6

April 1, 2013



Others prefer a single OBX segment with linefeeds designated by an HL7 repetitioncharacter (“~” in most cases).



Some require the body of the report in an RTFor PDFformat.



Some are using newer HL7 ContentDocument Architecture (CDA) formats.



Emdat can produce each of these as well as other customized formats.

The Emdat servers produce the proper HL7 export message at a specific trigger point within theEmdat InQuiry application. The message is encrypted and queued for delivery by ShadowLink.At the client site, ShadowLink queries the Emdat server at recurring intervals and pulls downthese HL7 messages when available. Itdecrypts the message and then passesit

to a specificclient-defined IP address and port.

3

Other file formats

ShadowLink is also configurable to accept demographic and appointment information in anEmdat-defined fixed-widthtext(.TXT)format, acustomized fixed-widthtext

format, or a.CSVformat. Emdat can also accept manytext-basedreports

that can be parsed fortherequiredinformation. Instead of listening to a port for an HL/7 message, ShadowLink is configured tolook in a specific directory for the file or to look into a networkshare. When the file is present,the file is encrypted and sent to the Emdat server whichdecrypts the file, parses the requiredinformation, and stores it in the client-specific patient and appointment tables.

Similarly, the transcription export can be created on the Emdat servers in a variety of fileformats including Microsoft Word

Or, patient demographic information fromthe transcription can be encoded into the file

name, file

header,

or fields such that the EMRsystem can automatically import and properly post the transcription.

The Emdat Server encrypts the transcription and queues the result. ShadowLink queries theserver on a recurring basis and, when a file is present,encrypts the transcription, transfersthefileover the internet,decryptsthe file, and sends the transcription to a specific IP address andport, or

savesthe filetoaspecifieddirectory or network share.

4

Associate information

Most clients sendcopies oftranscriptions to outside referring physicians, insurance companies,orgovernment organizations. The Emdat system saves this address information in

a client-specific Associate database. While this database may be updated by hand via Emdat InQuiry,the ShadowLink product allows this database to be updated from the client’s EMR database ofcontacts.

ShadowLink Overview

Page4

of6

April 1, 2013

This requires theEMR

toproduce a file of all new associate

records,associate records that havechanged, or deleted associate records. ShadowLink will look for this file in a specifieddirectory at recurring intervals and, if present, will encrypt the file and move it to the EmdatServers. The file is decrypted at the Emdat servers and the records are added to or updated inthe Client’s Associate database.

SP3, Vista, Windows 7, or Windows 8.Support for XP SP3 is beingdropped in June 2014, the same time as Microsoft is dropping support. Current versions ofShadowLink will continue to work on XP after this time; however, future versions will notbedesigned or tested for running on XP.

The client is responsible for:



The PC or Server hardware

with a support Microsoft Windows operating system.



Keeping the operating system upgraded with the most recent Microsoft upgrades.

The installation involves downloading the ShadowLink installation software from an Emdatwebsite, installing the software, entering a client-specific ID and password into theconfiguration, and notifying Emdat of the installation.

Emdat is responsible for:



Completing the ShadowLink configuration to extract the required patient andappointment.



Developing theprogram to export the transcription into the proper format andconfiguring ShadowLink to deliver the message / file.



Testing of the communication path and file / message formats.



Ongoingday-to-daymonitoring of theShadowLinkservice.

ShadowLink gives Emdatthe ability to know that a message has successfully moved across the internet in anencrypted format and delivered unaltered.Depending on the EHR, ShadowLink can alsoknow if the message was successfully received by the EHR.